HDFS-11302. Improve Logging for SSLHostnameVerifier. Contributed by Chen Liang.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/a8d602e1 Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/a8d602e1 Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/a8d602e1 Branch: refs/heads/HDFS-10467 Commit: a8d602e1089e8a44f557c24217264876e397078f Parents: 4db939d Author: Xiaoyu Yao <[email protected]> Authored: Wed Apr 5 17:25:18 2017 -0700 Committer: Inigo <[email protected]> Committed: Thu Apr 6 18:58:23 2017 -0700 ---------------------------------------------------------------------- .../security/ssl/SSLHostnameVerifier.java | 21 +++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/a8d602e1/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java index b5ef2b2..27e4920 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLHostnameVerifier.java @@ -53,6 +53,8 @@ import javax.net.ssl.SSLSocket; import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.util.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** ************************************************************************ 
@@ -229,6 +231,12 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier { abstract class AbstractVerifier implements SSLHostnameVerifier { /** + * Writes as SSLFactory logs as it is the only consumer of this verifier + * class. + */ + static final Logger LOG = LoggerFactory.getLogger(SSLFactory.class); + + /** * This contains a list of 2nd-level domains that aren't allowed to * have wildcards when combined with country-codes. * For example: [*.co.uk]. @@ -354,13 +362,24 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier { throws SSLException { String[] cns = Certificates.getCNs(cert); String[] subjectAlts = Certificates.getDNSSubjectAlts(cert); - check(host, cns, subjectAlts); + try { + check(host, cns, subjectAlts); + } catch (SSLException e) { + LOG.error("Host check error {}", e); + throw e; + } } public void check(final String[] hosts, final String[] cns, final String[] subjectAlts, final boolean ie6, final boolean strictWithSubDomains) throws SSLException { + if (LOG.isTraceEnabled()) { + LOG.trace("Hosts:{}, CNs:{} subjectAlts:{}, ie6:{}, " + + "strictWithSubDomains{}", Arrays.toString(hosts), + Arrays.toString(cns), Arrays.toString(subjectAlts), ie6, + strictWithSubDomains); + } // Build up lists of allowed hosts For logging/debugging purposes. StringBuffer buf = new StringBuffer(32); buf.append('<'); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
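Review bot: The logger added to `AbstractVerifier` is created with `LoggerFactory.getLogger(SSLFactory.class)`, so hostname-verification records are filed under the SSLFactory category, and anyone raising the level for, or alerting on, `SSLHostnameVerifier` will not see them. The Javadoc justifies this by SSLFactory being the only consumer, which is a statement about callers that this hunk cannot show and that goes stale without notice if another caller appears. Consider `static final Logger LOG = LoggerFactory.getLogger(SSLHostnameVerifier.class);`, or at least reword the comment to `Logs under the SSLFactory category because SSLFactory is currently the only consumer of this verifier.`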
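Review bot: In the first `check`, `LOG.error("Host check error {}", e);` passes the exception as the only argument, and SLF4J treats a trailing Throwable as the exception to attach rather than as the value for `{}`, so the record carries a literal `{}` and never names the host whose verification failed. Something like `LOG.error("Host check failed for {}", Arrays.toString(host), e);` would make a rejected certificate traceable to a connection; this assumes `host` is a `String[]`, since the method signature lies above the hunk. Because the exception is rethrown, callers that also log it will produce a second record, so a level lower than error may be more appropriate here. In the trace statement of the second `check`, the label `strictWithSubDomains{}` is missing its colon, and the CN and subjectAlt values it prints come from the peer's certificate, so whatever consumes the log should treat them as untrusted text.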
